<?php
	require_once(dirname(__FILE__)."/../../inc/session_auth.php");
	require_once(dirname(__FILE__)."/../../inc/config.php");
	require_once(dirname(__FILE__)."/../../inc/response.php");
	require_once(dirname(__FILE__)."/../../inc/class/user/User.php");
	require_once(dirname(__FILE__)."/../../inc/debug.php");
?>
<?php
	$secret = "whatgoesaroundcomesaround";

	mydebug_log("[LOGIN] start");
	// wfuser object
	$wfuser = new WFUser();
	if( $wfuser->isFailed() ) {
		mydebug_log("[LOGIN] WFUSER init failed");
		make_error_response( LOGIN_ERRCODE_DBERR, LOGIN_ERRCODE_DBERR_MSG.": ".$wfuser->getErrMessage());
		exit;
	}

	if( !isset($_REQUEST['act']) ) {
		mydebug_log("[LOGIN] act is invalid");
		make_error_response( LOGIN_ERRCODE_LACKINPUT, LOGIN_ERRCODE_LACKINPUT_MSG."(act)");
		exit;
	}

	/*
	 * [Login]
	 * - It should be used in STANDALONE mode ONLY.
	 */
	if( $_REQUEST['act'] == "login") {
		mydebug_log("[LOGIN][login] email:".$_REQUEST['email'].":".$_REQUEST['password']);
		if( !isset($_REQUEST['email']) || $_REQUEST['email'] == "" || !isset($_REQUEST['password']) ) {
			mydebug_log("[LOGIN][login] invalid input");
			make_error_response( LOGIN_ERRCODE_LACKINPUT, LOGIN_ERRCODE_LACKINPUT_MSG."(email,password)");
			exit;
		}
		// do login
		if( false == $wfuser->login( $_REQUEST['email'], $_REQUEST['password']) ) {
			mydebug_log("[LOGIN][login] login failed");
			make_error_response( LOGIN_ERRCODE_LOGINFAIL, LOGIN_ERRCODE_LOGINFAIL_MSG);
			exit;
		}
		// create page cookies
		mydebug_log("[LOGIN][login] creating cookies");
		$wfuser->createCookieForPage();
		make_successful_response( LOGIN_OK_SUCCESS_MSG, $wfuser->gencode());
		exit;
	} 

	/////// forgot password request , get data and send email
	if( $_REQUEST['act'] == "forgot" ) {
		mydebug_log("[LOGIN][forget] email: ".$_REQUEST['email']);
		// check email
		if( false == $wfuser->loaduser_byemail($_REQUEST['email']) ) {
			mydebug_log("[LOGIN][forget] no user");
			make_successful_response( LOGIN_OK_EMAILSENT_MSG, null); // avoid username detection, just response ok
			exit;
		}
		// now we have $userinfo
		$host = str_replace("www." , "" , $_SERVER['HTTP_HOST']);
		$from = "$wfconf_sitename <nobody@$host>\r\n";
		$subj = "Your Password";
		$message = "Dear User,\nHere is your password : ".$wfuser->get_password()."\n\nRegards,\n".$GLOBALS['wfconf_sitename']."\n".$GLOBALS['wfconf_base'];
		mail( $wfuser->get_email() , $subj , $message , $from);
		mydebug_log("[LOGIN][forget] mail is sent");
		make_successful_response( LOGIN_OK_EMAILSENT_MSG, null);
		exit;
	}

	/*
	 * [check]
	 * - Client uses this command to load settings.
	 * - You need to know which mode you are.
	 */
	if( $_REQUEST['act'] == "check" ) {
		mydebug_log("[LOGIN][check]");
		if( (!isset($_REQUEST['hash']) || $_REQUEST['hash'] == "") ) {
			make_error_response( LOGIN_ERRCODE_LACKINPUT, LOGIN_ERRCODE_LACKINPUT_MSG."(email)");
			exit;
		}

		// check user state
		$recovered = false;
		if( STANDALONE_WF ) {
			mydebug_log("[LOGIN][check] recover session STANDALONE");
			$recovered = $wfuser->standalone_user_init();
		} else {
			mydebug_log("[LOGIN][check] recover session PRODUCT");
			$recovered = $wfuser->product_user_init();
		}
		if( $recovered == false ) {
			mydebug_log("[LOGIN][check] recover session failed");
			make_error_response( LOGIN_ERRCODE_LOGINFAIL, LOGIN_ERRCODE_LOGINFAIL_MSG);
			exit;
		}
		mydebug_log("[LOGIN][check] recover session ok");
		/*
		 * return the widgets of only first tab
		 */
		$ckresult = $wfuser->check_result($_REQUEST['pid'],$_REQUEST['cid']);
		if( $ckresult == false ) {
			make_error_response( LOGIN_ERRCODE_DBERR, LOGIN_ERRCODE_DBERR_MSG);
		} else {
			mydebug_log("[LOGIN][check] check result: ".$ckresult);
			make_successful_response( LOGIN_OK_SUCCESS_MSG, $ckresult);
		}
		exit;
	}
	mydebug_log("[LOGIN] weird end");
	// weird request, response error anyway
	make_error_response( LOGIN_ERRCODE_LACKINPUT, LOGIN_ERRCODE_LACKINPUT_MSG);
	exit;
?>
